CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Joommasters: >> Jmssetting Security Vulnerabilities

CVE-2023-50030

In the module "Jms Setting" (jmssetting) from Joommasters for PrestaShop, a guest can perform SQL injection in versions <= 1.1.0. The method `JmsSetting::getSecondImgs()` has a sensitive SQL call that can be executed with a trivial http call and exploited to forge a blind SQL injection.

CVSS Score

9.8

EPSS Score

0.001

Published

2024-01-19

Page 1

Vulnerabilities

Vulnerable Software

Joommasters: >> Jmssetting Security Vulnerabilities

Products

Pricing

Contact Us